Saturday, November 13, 2010

Tips for Creating a Complex Password

Looking forward to your ideas and comments!!

The tough part about creating a strong password isn’t making it up … it’s remembering it. So the challenge we all face is creating passwords that are both hard to guess *and* easy to remember. These tricks are ones that security-minded geeks like me use to create effective passwords that are both memorable and strong.


Start by creating a base word by using one of the following ideas:
1. String together the first letters of a familiar group of words. Song lyrics, poems and famous quotes work great.
2. Connect small, unrelated words together.

Once you have your base word, modify it by using some of the following ideas:
  • Capitalize a few letters, while leaving the rest lowercase.
  • Substitute numbers and symbols for similar-looking letters.
  • Add some symbols to the beginning or end of the word (this can help if your word is too short to meet password length requirements).

Here’s how it comes together:
For my base word, I’ll use the idiom: “Life is not a bowl of cherries.”
String the first letter of each word together to form the following base-word:
linaboc

 
Modify it by capitalizing some letters (A and C):
linAboC

 
Make some numeric/symbol substitutions (i=!, l=1)
1!nAboC

 
Finally, add a symbol (?) to get the final password:
1!nAboC?

Here’s another example:

 
Let’s string “bat,” “toe” and “up” together to create the following base word:
battoeup

 
Capitalize some letters (O and P)
battOeuP

 
Substitute some numbers and symbols (a=@, t=7)
b@77OeuP

 
And add a symbol (!) to finish the password:
b@77OeuP!

 
If you always use consistent modifications, you’ll be able to remember how to reform the password.

For example, you could…
  • Always capitalize the third and last letter of the word.
  • Always substitute @ for a, 7 for t, ! for i and 1 for l. (Be aware that these examples are frequently used substitutions, so it’s best for you to come up with your own.) 
  • Always add a question mark at the end (or two, if that’s what it takes to get to the minimum password length requirement).
Emma